General
-
Target
24102994a861982d9ae27bb210dcacd0_NeikiAnalytics
-
Size
92KB
-
MD5
24102994a861982d9ae27bb210dcacd0
-
SHA1
7474bb3dab6f5bff06cbe6df8f5338afebff8ec4
-
SHA256
0a55e15d9c193793f0fb23f460f740b87dffaf13585e8f5059477530ed082440
-
SHA512
f3639cb94108761dfaeaf1306621d3f582f1c0c8588429830ef94f4b98d4593cae7a2cfcb1e9f0f0cfd356662ec07cf88e2c56092a2759394fcd8fb7f97b09f5
-
SSDEEP
1536:6hhW0YTGZWdVseJxaM9kraLdV2QkQ1TbPX8IHOCkIsI4ESnNTh91e63WfmZr:0hzYTGWVvJ8f2v1TbPzuMsIFSnNTh3Lz
Score
10/10
Malware Config
Extracted
Family
remcos
Version
1.7 Pro
Botnet
Host
C2
10.0.2.15:2402
Attributes
-
audio_folder
audio
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
5
-
copy_file
U32c.exe
-
copy_folder
MicrosoftCryptographie
-
delete_file
true
-
hide_file
true
-
hide_keylog_file
false
-
install_flag
true
-
install_path
%UserProfile%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
true
-
mutex
remcos_idwxrxyimd
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screens
-
screenshot_path
%AppData%
-
screenshot_time
1
-
startup_value
Windows Defender
-
take_screenshot_option
false
-
take_screenshot_time
5
Signatures
-
Remcos family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
24102994a861982d9ae27bb210dcacd0_NeikiAnalytics
Headers
Sections